
Bug Alert: ISS: Flaw in PeopleSoft Application Messaging Gateway

Opinion
Jan 21, 2003

* Patches from Caldera, others * Beware the attachment HOROSCOPE.SCR * Blended threats need an intelligent response, exec says, and other interesting reading

Today’s bug patches and security alerts:

ISS: Flaw in PeopleSoft Application Messaging Gateway

According to an alert from ISS, “Attackers can use an XML External Entities (XXE) attack to read any file on the vulnerable PeopleSoft application server under the security context of the Web server process. This attack may lead to the exposure of confidential information stored in vulnerable PeopleSoft installations.” The Application Messaging Gateway is configured to run with the PeopleSoft Web server and is accessible via a Java servlet. For more, go to:

https://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811
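To make the mechanism behind that alert concrete, here is an added example in Python; it is not ISS’s or PeopleSoft’s code, and it uses the standard library’s xml.sax parser as a stand-in for the gateway’s XML handling. The element name, the entity name and the planted secret file are all constructed for the demonstration. The first parser has external general entity resolution enabled, so the SYSTEM entity is fetched with the parser process’s own privileges and its contents come back as ordinary document text; the hardened parser refuses any document that carries a DTD and keeps external entities switched off.

```python
"""XXE demonstration: a parser that resolves external general entities leaks
a local file into the document text; a parser that refuses DTDs does not."""
import io
import os
import tempfile
import xml.sax
import xml.sax.handler


class TextCollector(xml.sax.handler.ContentHandler):
    """Gathers the character data of the document, entity expansions included."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def xxe_payload(path):
    """Build a message whose body is an external entity pointing at a local
    file. The <msg> element and the 'leak' entity are made up for this example."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE msg [\n'
        f'  <!ENTITY leak SYSTEM "{path}">\n'
        ']>\n'
        '<msg>&leak;</msg>\n'
    ).encode()


def parse_resolving_entities(xml_bytes):
    """Vulnerable configuration: the parser fetches SYSTEM entities, so the
    file's contents are spliced into the document as ordinary text."""
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_external_ges, True)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.chunks)


def parse_hardened(xml_bytes):
    """Hardened configuration: a messaging endpoint has no business accepting
    a DTD at all, so refuse any document that carries one, and keep external
    entity resolution off for good measure."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declaration rejected")
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_external_ges, False)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.chunks)


def demo():
    """Plant a constructed secret file, then feed the payload to both parsers.
    Returns (text from the vulnerable parser, error text from the hardened one)."""
    secret = "db_password=hunter2"  # constructed sample data, not a real secret
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "secret.txt")
        with open(path, "w") as f:
            f.write(secret)
        payload = xxe_payload(path)
        leaked = parse_resolving_entities(payload)
        try:
            parse_hardened(payload)
            rejected = ""
        except ValueError as e:
            rejected = str(e)
    return leaked, rejected


if __name__ == "__main__":
    leaked, rejected = demo()
    print("vulnerable parser returned:", leaked)
    print("hardened parser said:", rejected)
```

The file is opened by the parser process itself, which is why the advisory frames the exposure in terms of the Web server’s security context: whatever that account can read, the attacker can read. Refusing DTDs outright is the cleanest fix for an endpoint that never legitimately needs one; merely disabling external entities leaves the door open to billion-laughs style entity expansion.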

**********

Flaw found in CuteFTP application

A buffer overflow vulnerability in CuteFTP’s handling of the LIST command could be exploited to run arbitrary code on the affected machine, according to an alert from Secunia. GlobalScape is said to be working on a fix for this problem, which will be posted to:

http://www.cuteftp.com

Secunia advisory:

https://www.secunia.com/advisories/7898/

**********

Caldera patches wget for OpenLinux

As we reported earlier this month, a directory traversal flaw in wget could allow a malicious user to write files outside the download directory of the affected machine. For more, go to:

ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt
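The class of flaw described for wget (a remote server influencing where a downloaded file is written) comes down to one missing check: that the resolved output path still lies inside the download directory. The following is an added example in Python, not wget’s code; the download directory and the server-supplied names are constructed for the demonstration. It shows the vulnerable join beside a containment check that folds “..” segments and symlinks before comparing.

```python
"""Path-containment check for a downloader that derives the output path from
data a remote server controls (the class of flaw described above for wget)."""
import os


def unsafe_target(download_dir, remote_name):
    """Vulnerable pattern: join whatever the server sent onto the download
    directory. '../' segments and absolute names walk straight out of it."""
    return os.path.normpath(os.path.join(download_dir, remote_name))


def stays_within(download_dir, candidate):
    """True only if the fully resolved candidate lies at or below download_dir.
    realpath() folds '..' segments and symlinks before the comparison; a plain
    string-prefix test would wrongly accept '/srv/downloads-evil/x'."""
    base = os.path.realpath(download_dir)
    target = os.path.realpath(candidate)
    return os.path.commonpath([base, target]) == base


def safe_target(download_dir, remote_name):
    """Hardened pattern: build the path, then refuse it unless it stays inside
    the download directory. Raises ValueError on traversal."""
    target = unsafe_target(download_dir, remote_name)
    if not stays_within(download_dir, target):
        raise ValueError(f"server-supplied name {remote_name!r} escapes {download_dir}")
    return target


def classify(download_dir, remote_names):
    """Return {remote_name: accepted_path or None} for a batch of names."""
    results = {}
    for name in remote_names:
        try:
            results[name] = safe_target(download_dir, name)
        except ValueError:
            results[name] = None
    return results


# Constructed sample names, as a malicious FTP or HTTP server might return them.
SAMPLE_NAMES = [
    "index.html",
    "images/logo.gif",
    "../../../home/user/.ssh/authorized_keys",
    "docs/../../etc/cron.d/evil",
    "/etc/passwd",
]

if __name__ == "__main__":
    # '/srv/downloads' is a constructed download directory for the example.
    for name, path in classify("/srv/downloads", SAMPLE_NAMES).items():
        print(f"{name!r:45} -> {path or 'REJECTED'}")
```

Note that the check is applied to the final resolved path rather than to the raw name: rejecting the literal string “..” is not enough, because “docs/../../etc/cron.d/evil” contains a legitimate-looking first component and still lands outside the directory once normalised.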

**********

More DHCP packages available

As we reported late last week, a serious security flaw has been found in the Internet Software Consortium’s DHCP server (dhcpd), which ships with many operating systems. An attacker could exploit this flaw to take control of the affected system. Additional operating system patches are now available:

Debian:

https://www.debian.org/security/2003/dsa-231

OpenPKG:

https://www.openpkg.org/security/OpenPKG-SA-2003.002-dhcpd.html

**********

Today’s roundup of virus alerts:

Horo – This e-mail-based virus comes as an attachment called “HOROSCOPE.SCR” in a message entitled “Today’s free horoscope.” The virus writes large amounts of data to the hard drive, which could affect the machine’s performance, and e-mails itself to everyone listed in the local Outlook address book. (Panda Software)

W32/Sahay – Another e-mail worm. This one comes in a message entitled “Fw: Sit back and be surprised…” with an attachment called “MATHMAGIC.SCR”. The malicious code tries to remove another virus from the infected machine and infects all .exe files. It also mails itself out to everyone in the local Outlook address book. (Panda Software, Sophos)

Trj/W32.Sevic – A Trojan that blocks access to English versions of Windows. It also displays obscene images on the infected machine. (Panda Software)

**********

From the interesting reading department:

Preventative action

Trend Micro last week unveiled a range of new services and product updates it hopes can help ease the administrative task of preventing and cleaning up after virus outbreaks. Network World, 01/20/03.

https://www.nwfusion.com/news/2003/0120trendmicro.html

Blended threats need an intelligent response, exec says

IT security threats will become more widespread and sophisticated in 2003, and end users will have to lift their game in order to contain those threats, according to Piti Pramotedham, managing director, Asia South, for Computer Associates International. IDG News Service, 01/21/03.

https://www.nwfusion.com/news/2003/0121blendthrea.html

**********

Archives online:

If it’s archives you want, we’ve got ’em:

https://www.nwfusion.com/newsletters/bug/